This was fixed in Ubuntu 10.04 LTS.
** Changed in: otrs2 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/214993
Title:
[otrs2] [CVE-2008-1515] inform
I guess this bug still open means that the package is currently not
being maintained?
I'm working for OTRS AG, and wiling to work with someone from the Ubuntu
team to get the package OTRS2 in Ubuntu in proper shape. Either that, or
I'd rather have it removed from the repositories.
--
[otrs2] [CV
I think the best approach is to go for removing the file bin/cgi-bin/rpc.pl
because probably most (small) otrs setups don't need SOAP/rpc. It's easy to
make a debdiff in the following way :
https://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff
I can't do it right now because I don't have my gpg
More information : http://otrs.org/advisory/OSA-2008-01-en/
Suggested workaround by OTRS (other than upgrading to 2.2.6 / 2.1.8 :
As a workaround you can remove the file bin/cgi-bin/rpc.pl or
update bin/cgi-bin/rpc.pl from cvs to version 1.6
(http://cvs.otrs.org/viewvc.cgi/otrs/bin/cgi-bin/rpc.pl
I'm confirming this bug. Here's more information :
http://otrs.org/news/2008/otrs_2_2_6/
** Changed in: otrs2 (Ubuntu)
Status: New => Confirmed
--
[otrs2] [CVE-2008-1515] information disclosure
https://bugs.launchpad.net/bugs/214993
You received this bug notification because you are a me
